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PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents February 1 3, 2002 

Washington, D.C. 20231 

Sir: 

Prior to examination, please amend the above-identified application as follows. 

IN THE CLAIMS 

Please amend the claims as follows: 

1 . (Amended) A method for providing secure access to a packet data network, 
said method comprising: 

a) receiving a message from a terminal device , connected to said packet 



data network; 



deriving a first source information from said message; 



c) 



deriving a second source information; 



comparing said first and second source information; and 
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e) initiating a protection processing based on the result of said comparing step. 

3. (Amended) A method according to claim 1, wherein said second source 
information is a source address information derived from a packet data unit used for 
conveying said message, or from a security association set up between said terminal device 
and said packet data network. 

4. (Amended) A method according to claim 1 , wherein said protection 
processing comprises a processing for dropping said message if said comparing step leads to 
the result that said first source information and said second source information do not indicate 
the same location. 

5. (Amended) A method according to claim 1, wherein said protection 
processing comprises a processing for dropping said message if said comparing step leads to 
the result that said first source information and said second source information do not match. 

6. (Amended) A method according to claim 1, wherein said first source 
information is an IP address. 

8. (Amended) A method according to claim 1, wherein said second source 
information is at least a part of an IP source address of an IP datagram. 

12. (Amended) A method according to claim 10, wherein said message is 
conveyed using a SIP-level protection function. 
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13. (Amended) A network element for providing secure access to a packet data 
network, said network element comprising: 

a) receiving means for receiving a message from a terminal device connected to said 
network element ; 

b) deriving means for deriving a first source information from said message, and for 
deriving a second source information; 

c) comparing means for comparing said first and second source information; and 

d) protecting means for initiating a protection processing based on the comparing 
result of said comparing means. 

14. (Amended) A network element according to claim 13, wherein said 
deriving means is arranged for deriving said second source information from a packet data 
unit used for conveying said message or from a security association set up between said 
terminal device and said network element . 

15. (Amended) A network element according to claim 13, wherein said 
deriving means is arranged for deriving said first source information from a header portion of 
said message. 

1 6. (Amended) A network element according to any one of claims 13, wherein 
said protecting means are arranged to initiate a processing for dropping said message if said 
comparing result indicates that said first source information and said second source 
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information do not indicate the same location. 



17. (Amended) A network element according to any one of claims 13, wherein 
said protecting means are arranged to initiate a processing for dropping said message if said 
comparing result indicates that said first source information and said second source 
information do not match. 

1 8 . (Amended) A network element according to any one of claims 1 3 , wherein 
said deriving means are arranged for reading said second source information from a database 
provided at said network element. 

1 9. (Amended) A network element according to any one of claims 13, wherein 
said deriving means are arranged for deriving said second source information by extracting an 
IP source address from an IP datagram. 

20. (Amended) A network element according to any one of claims 13, wherein 
said network element is a proxy server. 

2 1 . (Amended) A network element according to claim 20, wherein said proxy 
server is a P-CSCF of an IP Mobility Subsystem. 

Please add new claims 22-35 as follows: 

22. A method according to claim 2, wherein said second source information is a 
source address information derived from a packet data unit used for conveying said message, 
or from a security association set up between said terminal device and said packet data 



network. 

23 . A method according to claim 22, wherein said protection processing comprises 
a processing for dropping said message if said comparing step leads to the result that said first 
source information and said second source information do not indicate the same location. 

24. A method according to claim 23, wherein said protection processing comprises 
a processing for dropping said message if said comparing step leads to the result that said first 
source information and said second source information do not match. 

25. A method according to claim 24, wherein said first source information is an IP 
address. 

26. A method according to claim 25, wherein said message is a SIP message. 

27. A method according to claim 26, wherein said second source information is at 
least a part of an IP source address of an IP datagram. 

28. A method according to claim 1 1 , wherein said message is conveyed using a 
SIP-level protection function. 

29. A network element according to claim 14, wherein said deriving means is 
arranged for deriving said first source information from a header portion of said message. 



5 



30. A network element according to any one of claims 29, wherein said protecting 
means are arranged to initiate a processing for dropping said message if said comparing result 
indicates that said first source information and said second source information do not indicate 
the same location. 



31. A network element according to any one of claims 30, wherein said protecting 
means are arranged to initiate a processing for dropping said message if said comparing result 

P indicates that said first source information and said second source information do not match. 

32. A network element according to any one of claims 3 1 , wherein said deriving 
pi means are arranged for reading said second source information from a database provided at 
G said network element. 

W 

p 33. A network element according to any one of claims 32, wherein said deriving 

ru 

means are arranged for deriving said second source information by extracting an IP source 
address from an IP datagram. 

34. A network element according to any one of claims 33, wherein said network 
element is a proxy server. 

35 . (Amended) A network element according to claim 34, wherein said proxy 
server is a P-CSCF of an IP Mobility Subsystem. - 
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REMARKS 



Attached hereto is a marked-up version of the changes made to the claims by the 
current Amendment. The attached page is captioned " Version with markings to show 
changes made ". 

Please charge any shortage in fees due in connection with the riling of this paper, or 
credit any overpayment of fees, to the deposit account of Antonelli, Terry, Stout & Kraus, 
LLP, Deposit Account No. 01-2135 (1 120.41 193X00). 



Respectfully submitted, 



ANTONELLI, TERRY, STOUT & KRAUS, LLP 




Carl IyBrundidge 
Registration No. 29,621 



CIB/jdc 

(703)312-6600 
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VERSION WITH MARKINGS TO SHOW CHANGES MADE 



IN THE CLAIMS 

Please amend the claims as follows: 

2. (Amended) A method for providing secure access to a packet data network, 
said method comprising: 

f) receiving a message from a terminal device (40, 60), connected to said packet 
data network; 

g) deriving a first source information from said message; 

h) deriving a second source information; 

i) comparing said first and second source information; and 

j) initiating a protection processing based on the result of said comparing step. 

3. (Amended) A method according to claim 1 er-2, wherein said second 
source information is a source address information derived from a packet data unit used for 
conveying said message, or from a security association set up between said terminal device 
(40, 60) and said packet data network. 

4. (Amended) A method according to claim 1 a n y one of-the-p r eeeding claims, 
wherein said protection processing comprises a processing for dropping said message if said 
comparing step leads to the result that said first source information and said second source 
information do not indicate the same location. 



5. (Amended) A method according to claim 1 a ny one of the pree e etmg-eteams, 



wherein said protection processing comprises a processing for dropping said message if said 
comparing step leads to the result that said first source information and said second source 
information do not match. 



6. (Amended) A method according to claim 1 any one of the pr e ceding cla im s, 
wherein said first source information is an IP address. 



9. (Amended) A method according to claim 1 aay-ene-ef4he^eeed4n#«ta«ns, 

wherein said second source information is at least a part of an IP source address of an IP 
datagram. 

12. (Amended) A method according to claim 1 0 of44, wherein said message is 
conveyed using a SEP-level protection function. 

1 3 . (Amended) A network element for providing secure access to a packet data 
network, said network element (30) comprising: 

ate) receiving means (34) for receiving a message from a terminal device (40r6O) 

connected to said network element (34)); 
h)f)deriving means (34-1 for deriving a first source information from said message, and 

for deriving a second source information; 

comparing means (334 for comparing said first and second source information; 

and 

h) protecting means (334 for initiating a protection processing based on the 
comparing result of said comparing means. 




14. (Amended) A network element according to claim 13, wherein said 



deriving means (34) is arranged for deriving said second source information from a packet 
data unit used for conveying said message or from a security association set up between said 
terminal device (44V&Q) and said network element (30). 

15. (Amended) A network element according to claim 13 or - 14, wherein said 
deriving means (34-) is arranged for deriving said first source information from a header 
portion of said message. 

16. (Amended) A network element according to any one of claims 13 to 4-5, 
wherein said protecting means (34) are arranged to initiate a processing for dropping said 
message if said comparing result indicates that said first source information and said second 
source information do not indicate the same location. 

17. (Amended) A network element according to any one of claims 13 to IS , 
wherein said protecting means (33) are arranged to initiate a processing for dropping said 
message if said comparing result indicates that said first source information and said second 
source information do not match. 

18. (Amended) A network element according to any one of claims 1 3 to 17 , 
wherein said deriving means are arranged for reading said second source information from a 
database (34) provided at said network element. 

1 9. (Amended) A network element according to any one of claims 1 3 to-4-8, 
wherein said deriving means (34) are arranged for deriving said second source information by 
extracting an IP source address from an IP datagram. 



20. (Amended) A network element according to any one of claims 13 te4#, 
wherein said network element is a proxy server (30). 

2 1 . (Amended) A network element according to claim 20, wherein said proxy 
server is a P-CSCF (30) of an IP Mobility Subsystem. 



